获取amazondynamodbexception:用户:arn:aws:iam:user is 未授权执行:dynamodb:listtables

juzqafwq  于 2021-07-12  发布在  Java
关注(0)|答案(1)|浏览(444)

在dynamodb配置和连接尝试时,我遇到了一个amazondynamodb异常。配置代码如下所示:

  1. @AllArgsConstructor
  2. @Configuration
  3. public class AWSDynamoDBConfig {
  4. private final String accessKey;
  5. private final String secretKey;
  6. private final String roleArn;
  7. public AWSDynamoDBConfig() throws IOException {
  8. Properties properties = readProperties("common", "aws.properties");
  9. accessKey = properties.getProperty("aws.accessKey");
  10. secretKey = properties.getProperty("aws.secretKey");
  11. roleArn = properties.getProperty("aws.roleArn");
  12. }
  13. public AssumeRoleRequest roleRequest() {
  14. return new AssumeRoleRequest().withRoleArn(roleArn);
  15. }
  16. @Bean
  17. public AmazonDynamoDB amazonDynamoDB() {
  18. return AmazonDynamoDBClientBuilder
  19. .standard()
  20. .withRegion(Regions.EU_WEST_1)
  21. .withCredentials(amazonAWSCredentialProvider())
  22. .build();
  23. }
  24. @Bean
  25. public AWSCredentials amazonAWSCredential() {
  26. return new BasicAWSCredentials(accessKey, secretKey);
  27. }
  28. @Bean
  29. public DynamoDBMapperConfig dynamoDBMapperConfig() {
  30. return DynamoDBMapperConfig.DEFAULT;
  31. }
  32. @Bean
  33. public DynamoDBMapper dynamoDBMapper(AmazonDynamoDB amazonDynamoDB, DynamoDBMapperConfig config) {
  34. return new DynamoDBMapper(amazonDynamoDB, config);
  35. }
  36. @Bean
  37. public DynamoDB dynamoDB() {
  38. return new DynamoDB(amazonDynamoDB());
  39. }
  40. public AWSCredentialsProvider amazonAWSCredentialProvider() {
  41. return new AWSStaticCredentialsProvider(amazonAWSCredential());
  42. }
  43. }

方法调用时产生错误 listTables ```
public void listMyTables() {
TableCollection tables = awsDynamoDBConfig.dynamoDB().listTables();
Iterator iterator = tables.iterator();

  1. log.info("Listing tables from DynamoDB instance");
  2. while (iterator.hasNext()) {
  3. Table table = iterator.next();
  4. log.info("Table name: " + table.getTableName());
  5. }
  6. }
  1. com.amazonaws.services.dynamodbv2.model.amazondynamodbexception:用户:arn:awsiam::number:user/machine-user 无权执行:dynamodb:listtables on 资源:arn:aws:dynamodb:eu-west-1:number:table/*(服务:amazondynamodbv2;状态码:400;错误代码:accessdeniedexception;请求id:id号)
  2. 据我所知,我失踪了 `roleArn` 在amazondynamodb对象中,所以我要添加它。到目前为止,我发现一个主题点击,但上面的解决方案使用不推荐的对象 `AWSSecurityTokenServiceClient` 毕竟,我会使用新的对象 `AmazonDynamoDB` 但我没有找到如何让它成为现实。
  3. 我将非常感谢关于如何添加缺失的建议 `arnRole` 到 `AmazonDynamoDB` 对象完成配置步骤并建立连接。
0h4hbjxa

0h4hbjxa1#

您需要在运行此代码的角色上设置iam策略或内联策略。不确定它是lambda还是在容器中,或者其他什么东西,不管怎样,您的策略都需要如下所示:

  1. {
  2. "Version": "2012-10-17",
  3. "Statement": [
  4. {
  5. "Effect": "Allow",
  6. "Action": [
  7. "dynamodb:ListTables"
  8. ],
  9. "Resource": [
  10. "arn:aws:dynamodb:eu-west-1:number:table/*"
  11. ]
  12. }
  13. ]
  14. }

相关问题